Blockchain technology is widely spoken about when discussing the security of cyptocurrency transactions, but could blockchain be used for medical records? Could the use of blockchain technology benefit and improve the security of healthcare data?
It is still early days when it comes to using blockchain to access medical records, but the potential improvements in security are obvious, and could include lowering the risk of data breaches while also facilitating the sharing of healthcare data between providers, as well as making it easier for patients to access data.
The current system used to store and share medical records is far from ideal. It is inefficient, with a large number of bottlenecks and blocks that do not allow data to be easily shared. This can be a problem as a patient’s medical records may not always be stored by a singe healthcare provider – different fragments of a patient’s medical history may be divided over a number of different healthcare providers’ systems.
This fragmentation means it can be difficult to access and combine all the data to get a full insight into a patient’s history, and it can also lead to an increased risk of data theft. With data spread across several systems, including different healthcare providers and business associates, the risk of a breach occurring is increased. While the Health Insurance Portability and Accountability Act (HIPAA) mandates that all HIPAA-covered entities and their business associates must use technical protections to maintain the confidentiality, integrity, and availability of protected health information (PHI), security is individually managed by each of these actors.
The risk that an error occurs and data is exposed is increased with each different entity that has access to the data. HIPAA-covered entities and their business associates sometimes make mistakes while handing, sending, or saving information. Even when great care is being taken to avoid mistakes, breaches can still occur, as attested to by the Department of Health and Human Services’ Office for Civil Rights’ Breach portal. Introducing blockchain technology to this system could dramatically improve the security of medical records.
Blockchain, as can be inferred from the name, utilizes a chain of data blocks. These blocks record information about transactions and they are encrypted for privacy. Instead of a single storage point of information, blockchain records data to an encrypted ledger which exists across a number of synchronized and replicated databases. Every block in the chain is linked to the block that came before it with a unique public key. Access to the data is strictly controlled.
The recent and considerable data breaches that occurred at Anthem and Equifax show us that holding large amounts of data in single centralized systems is not a viable way to keep that data safe. A potential alternative may be to store data as part of a decentralized system.
Each data block in the chain is encrypted with using public key cryptography and decrypted with a private key or password. For medical records, this private key could be a password held by a patient, for example.
If blockchain were introduced, instead of several healthcare providers all storing their own copy of a patient’s information, a patient would be able to provide a key or password to any provider to enable them to access all of the patient’s medical records.
The data would be securely stored through blockchain and could not be accessed without the key. No single block of data could be hacked without hacking all other blocks in the chain’s chronology at the same time. It would also prevent any changes being made to a data block while attempting to hide that a change had been made.
For cryptocurrencies, for example Bitcoin, the blockchain is used for transactions – trades of the currency. For medical records, the transactions recorded could be any health information such as X-ray images, test results, prescriptions, surgeries, or consultations. Any new data entry would need to be confirmed as valid by a trusted entity that has access to the private key. Once confirmed, it would become a new block in the chain in chronological order and the whole chain would contain a patient’s entire medical history.
Using blockchain for medical records may offer huge benefits to both patients and healthcare providers. The blockchain could increase security while also combining all of a patient’s information together from multiple sources.
Full medical records could therefore be easily shared between providers. No electronic transmission of data between providers would need to occur, future providers could be given the access key and where they could access the information.
Blockchain could also help patients access their information more easily. Instead of making several requests to all their previous providers, they could make a single request and access their full information. Getting access to medical records under the current system can be complicated, time-consuming, and even costly, as providers are allowed to charge a fee for copies of the information.
If data is made available through patient portals, combining and sharing the information can be even more complicated. Another area where blockchain offers advantages is in cases where there are multiple patient identifiers.
Blockchain has been proven to work for financial transactions, so why not medical records? Is it a practical solution? Trials of blockchain to support medical data have already shown positive results. One example, a trial conducted over a period of six months by MIT Media Lab and Beth Israel Deaconess Medical Center, demonstrated blockchain worked well in tracking test results, treatments, and prescriptions for inpatients and outpatients. During the trial, data exchange between two institutions was simulated using two different databases at Beth Israel. There are currently plans to expand the trial.
Some issues do still remain to be resolved. Blockchain is pseudonymous, not anonymous. Certain records, such as psychotherapy notes, should not be accessible to patients, and blockchain does not offer a solution to keeping these accessible to providers but hidden from patients.
Extensive testing with medical records would also need to be carried out and healthcare organizations would need to be persuaded to adopt the blockchain system. In a survey carried out by IBM in 2017, 16% of 200 participating organizations said they aimed to have a commercial blockchain solution established before the start of 2018, which is encouraging news for all who would benefit from this new technology.